diff options
Diffstat (limited to 'perl/lib/Nix/Store.xs')
-rw-r--r-- | perl/lib/Nix/Store.xs | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/perl/lib/Nix/Store.xs b/perl/lib/Nix/Store.xs index ff90616d3766..4c550cdb752c 100644 --- a/perl/lib/Nix/Store.xs +++ b/perl/lib/Nix/Store.xs @@ -11,6 +11,10 @@ #include <misc.hh> #include <util.hh> +#if HAVE_SODIUM +#include <sodium.h> +#endif + using namespace nix; @@ -223,6 +227,52 @@ SV * hashString(char * algo, int base32, char * s) } +SV * signString(SV * secretKey_, char * msg) + PPCODE: + try { +#if HAVE_SODIUM + STRLEN secretKeyLen; + unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen); + if (secretKeyLen != crypto_sign_SECRETKEYBYTES) + throw Error("secret key is not valid"); + + unsigned char sig[crypto_sign_BYTES]; + unsigned long long sigLen; + crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey); + XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen))); +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif + } catch (Error & e) { + croak(e.what()); + } + + +int checkSignature(SV * publicKey_, SV * sig_, char * msg) + CODE: + try { +#if HAVE_SODIUM + STRLEN publicKeyLen; + unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen); + if (publicKeyLen != crypto_sign_PUBLICKEYBYTES) + throw Error("public key is not valid"); + + STRLEN sigLen; + unsigned char * sig = (unsigned char *) SvPV(sig_, sigLen); + if (sigLen != crypto_sign_BYTES) + throw Error("signature is not valid"); + + RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0; +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif + } catch (Error & e) { + croak(e.what()); + } + OUTPUT: + RETVAL + + SV * addToStore(char * srcPath, int recursive, char * algo) PPCODE: try { |